Squarespace is incredibly user-friendly and offers many tools and plugins to create any website you want, even an ecommerce store.
Read the highlighted text in the screenshot below to see what Squarespace expects of their users regarding data privacy and privacy policies:
Squarespace makes it clear that all liabilities fall on you, the business owner, to comply with data privacy laws. So you must take the time to determine which regulations apply to you.
Remember, Squarespace expects you to know what legislation your business falls under, including data privacy, industry-specific, and consumer protection laws. Otherwise you risk account termination.
To help you, the table below describes the legal threshold for some of the most prominent data protection regulations worldwide, so take note of any that apply to you.
|Data Privacy Law||Legal Threshold|
|General Data Protection Regulation (GDPR)||Any organization that collects, processes, or stores the personal data of individuals located in the European Union (EU) or European Economic Area (EEA).|
|The Data Protection Act (UK GDPR)||Any organization offering goods or services to UK citizens that processes their personal data.|
|Amended California Consumer Privacy Rights Act (CCPA/CPRA)||For-profit entities that do business in California and meet one of the following:
|California Online Privacy Protection Act (CalOPPA)||Any website with California visitors falls under the threshold of this law.|
|Virginia Consumer Data Privacy Act (VCDPA)||Entities doing business in Virginia or targeting Virginia residents who meet one of the following:
|Connecticut Data Protection Act (CTDPA)||Any data controller or processor who conducts business in Connecticut or produces products or services targeted at Connecticut consumers and any controller or processor who meets one or more of the following:
|Colorado Privacy Act (CPA)||Controllers that conduct business in Colorado or who produce or deliver commercial products intentionally targeted to Colorado residents that meet one (or both) of the following:
|Children’s Online Privacy Protection Act (COPPA)||Any website or online service that is directed at children under 13 that:
|Personal Information Protection and Electronic Documents Act (PIPEDA)||Any organization that collects and uses personal information in connection with commercial activities, including selling or sharing donors, membership, or fundraising lists, falls under PIPEDA.|
|Australia’s Privacy Act of 1988||Any Australian government entities or organizations that have annual gross revenue of $3 million and small businesses that make less than $3 million who meet any of the following:
|New Zealand’s Privacy Act of 2020||Any person, organization, or business in the public or private sector that collects and holds personal information about other people.|
|South Africa’s Protection of Personal Information Act (PoPIA)||Any entity registered to South Africa that processes personal data or people from any location.
And any entities located outside of the country who outsource their data processing to South Africa.
In this section, I briefly summarize the clauses relevant to Squarespace privacy policies. Take note of the ones you need, and feel free to leave out anything that doesn’t apply to you.
What Personal Data You Collect
Every data privacy law requires you to explain what personal data you collect from users, including any sensitive personal information.
Consider listing this information in a simple bullet list or organizing it into a table to make it easy to read.
See how Schneid Studios, a home goods designer using Squarespace, writes this clause:
How and Why You Use the Personal Data
You must explain how you collect personal data from users and why you’re processing it — under laws like the GDPR, this is your legal basis.
If You Share Data With Third-Parties
Most data privacy laws require you to inform your users if you share their information with any third-party entities. You’re typically required to list the categories of data shared with third parties and the categories of the third parties themselves.
Details About International Data Transfers
Under laws like Australia’s Data Privacy Act of 1988, the GDPR, and PoPIA, you must include a clause explaining your intention to transfer personal data internationally.
Cookies and Other Tracking Technology
Children’s Data Clause
Even if you don’t target children, consider adding this clause and explaining how legal guardians can contact you if they believe you accidentally collected information from a child.
Data Retention Policy
Data Safety and Security
Description of Your Users’ Data Privacy Rights
Company Contact Information
- Managed solution
- Free template
- Do-it-yourself approach
Some of these methods are better than others, so let’s go over each solution together so you can pick the way that works best for your Squarespace site.
Our generator asks you simple questions about your business. It then creates a compliant, unique policy based on your answers that you can link directly to your Squarespace site.
Whenever you need to make any updates or changes, log back into your Termly dashboard, edit the agreement, and then hit Publish.
In the screenshot below, see an example of one of the compliance questions it asks you.
Use a Template
Templates take longer than generators because you have to manually fill in the blank sections of the document with details about your business. But ours includes the most relevant clauses to help you comply with several significant data privacy laws.
See a sample of what it looks like in the screenshot below.
To help inspire you as you make your own agreement, let’s look at a strong example of privacy policies that an actual Squarespace website uses.
Check it out below.
See a sample of the clause in the screenshot below.